Displaying 20 results from an estimated 7000 matches similar to: "Weak DH primes and openssh"
2015 May 23
2
Weak DH primes and openssh
> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting?
weakdh.org/sysadmin.html recommends adding:
KexAlgorithms curve25519-sha256 at libssh.org
But this thread makes it sound as if it's not necessary. Can anyone
confirm? Personally I'm on openssh-6.7.
- Grant
> You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be
2015 Jul 24
2
DH_GRP_MIN is currently 1024, should it be bumped to 2048?
Greetings,
Given the weakness with Diffie-Hellman modp groups less than 2048, is it
time to bump the suggested 1024 bit minimum value from the RFC 4419 to a
more current 2048 value for OpenSSH 7.0?
If so, should this be just a compile-time change, or should there be a
new client and server runtime option?
Thanks,
-- Mark
2017 Sep 24
3
DH Group Exchange Fallback
On 09/24/2017 12:21 AM, Mark D. Baushke wrote:
> I suggest you upgrade to a more recent edition of the OpenSSH software.
> The most recent release is OpenSSH 7.5 and OpenSSH 7.6 will be released
> very soon.
This problem is in v7.5 and v7.6. See dh.c:436.
> OpenSSH 6.6 was first released on October 6, 2014.
I brought up v6.6 to give an example that older clients wouldn't be
2007 Sep 21
4
Diffie Hellman key exchange algorithms
A few questions regarding the OpenSSH support for the Diffie Hellman key exchange algorithms:
(1) Are the diffie-hellman-group-exchange-sha256",
"diffie-hellman-group-exchange-sha1"
, "diffie-hellman-group14-sha1" "diffie-hellman-group1-sha1" (as
defined in RFCs 4253 and RFC 4419) the complete list of key exchange
algorithms supported by OpenSSH?
(2) Is there a
2015 May 22
3
Weak DH primes and openssh
On Fri, May 22, 2015 at 12:27:01, Darren Tucker <dtucker at zip.com.au> wrote:
> Note that PuTTY does do Diffie-Hellman Group Exchange, but until very
> recently (ie after their 0.64 release) they didn't do the one that was
> actually standardized in RFC4419. OpenSSH recently removed support for
> that non-standard one and as a result we don't offer DHGEX to PuTTY
>
2015 Jul 23
3
Cisco vs. 6.9
After upgrading a Linux system from OpenSSH 6.7 to 6.9, Cisco
switches/routers can no longer scp config files to/from the system. The
last debug entry before the Cisco device closes the connection is "debug1:
server_input_channel_open: confirm session". The next line is "Connection
closed by x.x.x.x". Anyone else seen this or know of a fix? The Cisco
device gives
2019 Feb 15
4
Can we disable diffie-hellman-group-exchange-sha1 by default?
Also, how are default moduli shipped with OpenSSH for use in
diffie-hellman-group-exchange-sha1/sha256 chosen? Are they chosen
randomly by developers or are they chosen for security properties? If
they are random, why not use moduli from RFC 7919 instead, like
Mozilla recommends?
On Fri, Feb 15, 2019 at 3:48 AM Mark D. Baushke <mdb at juniper.net> wrote:
>
> Yegor Ievlev <koops1997
2015 May 22
4
Weak DH primes and openssh
On Fri 2015-05-22 00:06:29 -0400, Darren Tucker wrote:
> On Thu, May 21, 2015 at 11:26 PM, Matthew Vernon <matthew at debian.org> wrote:
>>
>> You will be aware of https://weakdh.org/ by now, I presume; the
>> take-home seems to be that 1024-bit DH primes might well be too weak.
>> I'm wondering what (if anything!) you propose to do about this issue,
>>
2017 Sep 21
5
DH Group Exchange Fallback
Hi,
I'm interested in requiring a minimum of 3072-bit DH moduli when
using the "diffie-hellman-group-exchange-sha256" kex, so I edited my
/etc/ssh/moduli file such that only 3071+ moduli are left. However,
when clients ask for a max of 2048-bit moduli, they actually get one
(!). I poked around and found that a fallback mechanism exists
(dh.c:185), which returns back the
2017 Sep 23
2
DH Group Exchange Fallback
On 09/22/2017 06:55 PM, Tim Broberg wrote:
> Do I understand correctly, that you find the security of group 14 unacceptable and yet you left it enabled?
In the end, I'm trying to ensure a minimum equivalent of 128-bits of
security. Group14 is 2048-bits, which roughly translates to 112-bits. [1]
To this end, I disabled the "diffie-hellman-group14-sha1" and
2017 Sep 22
6
DH Group Exchange Fallback
On 09/22/2017 03:22 PM, Daniel Kahn Gillmor wrote:
> On Thu 2017-09-21 18:12:44 -0400, Joseph S Testa II wrote:
>> I gotta say... having a fallback mechanism here seems pretty
>> strange. The entire point of the group exchange is to use a dynamic
>> group and not a static one.
>
> fwiw, i think dynamic groups for DHE key exchange is intrinsically
> problematic
2016 Oct 18
7
SSH Weak Ciphers
Hi,
In a recent security review some systems I manage were flagged due to
supporting "weak" ciphers, specifically the ones listed below. So first
question is are people generally modifying the list of ciphers supported by
the ssh client and sshd?
On CentOS 6 currently it looks like if I remove all the ciphers they are
concerned about then I am left with Ciphers
2019 Jan 19
4
Can we disable diffie-hellman-group14-sha1 by default?
I'm not sure if collision resistance is required for DH key
derivation, but generally, SHA-1 is on its way out. If it's possible
(if there's not a very large percentage of servers that do not support
anything newer), it should be disabled.
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2014 Oct 28
22
[Bug 2302] New: ssh (and sshd) should not fall back to deselected KEX algos
https://bugzilla.mindrot.org/show_bug.cgi?id=2302
Bug ID: 2302
Summary: ssh (and sshd) should not fall back to deselected KEX
algos
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: ssh
2016 Nov 08
4
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote:
> [...]
>> gv harry> ssh -vv 2x
>>
>> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
>
> this is a third-party modified version of OpenSSH. Can you reproduce
> the problem with a stock OpenSSH from the source from
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote:
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> How do I enable strong KexAlgorithms, Ciphers and MACs
On RHEL 8, you need to be aware that there are "crypto policies"
modifying sshd's behaviour, and it would likely be the *preferred*
method to inject your intended config changes *there* (unless they
2018 Nov 23
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Il giorno gio 22 nov 2018 alle ore 21:24 Stuart Henderson
<stu at spacehopper.org> ha scritto:
>
> On 2018/11/22 19:55, owl700 at gmail.com wrote:
> > Hi, I have compatibility issues with the latest version of
> > openssh-server and an old dropbear client, the dopbear client stops at
> > preauth
> >
> > ov 22 14:34:03 myhostname sshd[3905]: debug1: Client
2024 Sep 23
1
diffie-hellman-group-exchange-sha256 group size concerns and request
Hello,
On Sun, Sep 22, 2024 at 10:15?AM Kurt Fitzner via openssh-unix-dev
<openssh-unix-dev at mindrot.org> wrote:
>
> I would like to advocate for:
>
> - Change behaviour of the server to allow server operators to set the
> minimum modulus group size allowable for a connection using
> diffie-hellman-group-exchange-sha256
> Whether this is by having the server refuse
2017 Sep 25
4
DH Group Exchange Fallback
On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote:
> [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of
> the RFC 4419 refresh draft.
https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ?
Tangent: has any consideration been given to increasing the maximum
allowed beyond 8192 bits (which is below the current NIST